Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/NnwM_0g7xCz68j-0dGLgXwrq5Ks.roa
File: NnwM_0g7xCz68j-0dGLgXwrq5Ks.roa (raw, json)
Hash identifier: 53h4olQ0WG9znB66R7NBfd8G8x8HmcOVWLTgkvi0RJc=
Subject key identifier: 36:7C:0C:FF:48:3B:C4:2C:FA:F2:3F:B4:74:62:E0:5F:0A:EA:E4:AB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3A8A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NnwM_0g7xCz68j-0dGLgXwrq5Ks.roa
Signing time: Sat 06 Apr 2024 15:22:30 +0000
ROA not before: Sat 06 Apr 2024 15:22:30 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14986 (0x3a8a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 6 15:22:30 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=367C0CFF483BC42CFAF23FB47462E05F0AEAE4AB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:d9:31:7b:7d:13:ea:63:af:aa:d2:6d:c7:57:
c2:a0:78:06:13:1b:94:61:9f:a0:a9:9d:f4:b2:07:
04:45:3b:2f:c9:8d:43:c0:04:66:84:d3:fc:69:f2:
77:8a:59:f6:f1:65:56:4f:c0:05:86:25:31:f1:a4:
f1:4f:47:ec:b7:de:58:33:31:8e:db:ef:6f:ab:1a:
95:3e:fb:20:4d:7a:74:91:38:92:45:36:9c:b7:a0:
2c:4a:26:b9:07:a2:6e:30:56:c7:62:08:d6:5a:49:
1b:6b:46:4d:52:c8:9a:42:e8:b4:a4:16:82:3a:52:
cb:cb:a6:de:d9:1c:ed:54:f0:61:ee:37:97:42:44:
22:4b:6f:cd:7a:ed:f6:0b:4e:53:3e:5c:54:9d:4f:
3b:3c:1f:ce:79:8a:0c:c6:52:6e:6c:17:c4:67:f5:
c8:9f:53:32:3e:5b:ae:aa:a8:8f:ce:96:3d:04:51:
01:99:fd:78:ef:83:24:1d:1c:d3:9e:28:5f:bc:e9:
3a:23:e1:62:43:59:83:49:3c:f9:2a:16:28:0e:94:
36:19:66:18:49:e8:3d:bf:9a:69:32:dc:40:08:c4:
19:f6:12:04:db:d1:69:8c:ab:60:b0:50:d6:d6:77:
1c:9c:97:ec:95:eb:31:0b:db:8c:0f:1e:94:a6:ce:
41:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:7C:0C:FF:48:3B:C4:2C:FA:F2:3F:B4:74:62:E0:5F:0A:EA:E4:AB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NnwM_0g7xCz68j-0dGLgXwrq5Ks.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
6c:6d:0c:fe:c1:ba:ab:bb:92:68:a4:9f:92:f1:e2:f0:96:c1:
cd:39:36:ed:0e:c5:81:6e:f6:4e:7a:24:ff:b3:36:7a:7e:6a:
01:77:62:8f:a1:e1:1d:65:49:56:67:30:04:96:4a:f1:dd:80:
c7:3e:01:1e:d1:a1:7c:fc:86:ca:b6:d5:c1:54:b9:ff:d4:d1:
1c:24:30:e6:c9:15:38:87:00:f1:f2:a8:bc:8e:e4:fa:b9:f5:
f1:d1:e6:df:5a:fa:7a:5d:20:39:49:4f:2d:04:f6:ae:33:f9:
7b:fe:f8:75:a6:b4:45:bc:21:a0:a3:ab:3c:44:60:82:30:68:
d6:3c:cf:ee:41:ff:90:97:d5:4a:87:d8:e3:a4:67:1a:50:77:
7f:43:83:b9:24:77:35:46:08:fb:e7:2a:ae:45:b9:39:3d:b0:
52:2b:10:4d:fe:6f:72:56:3d:f2:dd:6f:99:a4:eb:db:47:73:
d4:56:2e:2b:f3:56:c7:73:6c:b0:ef:d2:69:03:91:3a:31:c2:
9d:32:e9:2b:57:5f:1d:92:33:1a:10:31:be:10:93:92:10:6d:
85:34:fc:8b:42:37:dc:6c:85:21:0e:c5:af:f8:26:40:e5:14:
47:9e:0a:4b:03:f9:02:c9:54:1e:c2:e7:84:4c:81:ae:6f:13:
ec:9f:2c:6a
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICOoowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDYx
NTIyMzBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDM2N0MwQ0ZGNDgzQkM0
MkNGQUYyM0ZCNDc0NjJFMDVGMEFFQUU0QUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCW2TF7fRPqY6+q0m3HV8KgeAYTG5Rhn6CpnfSyBwRFOy/JjUPA
BGaE0/xp8neKWfbxZVZPwAWGJTHxpPFPR+y33lgzMY7b72+rGpU++yBNenSROJJF
Npy3oCxKJrkHom4wVsdiCNZaSRtrRk1SyJpC6LSkFoI6UsvLpt7ZHO1U8GHuN5dC
RCJLb8167fYLTlM+XFSdTzs8H855igzGUm5sF8Rn9cifUzI+W66qqI/Olj0EUQGZ
/XjvgyQdHNOeKF+86Toj4WJDWYNJPPkqFigOlDYZZhhJ6D2/mmky3EAIxBn2EgTb
0WmMq2CwUNbWdxycl+yV6zEL24wPHpSmzkHXAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUNnwM/0g7xCz68j+0dGLgXwrq5KswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L05ud01fMGc3eEN6Njhq
LTBkR0xnWHdycTVLcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAbG0M/sG6q7uSaKSfkvHi8JbBzTk27Q7F
gW72Tnok/7M2en5qAXdij6HhHWVJVmcwBJZK8d2Axz4BHtGhfPyGyrbVwVS5/9TR
HCQw5skVOIcA8fKovI7k+rn18dHm31r6el0gOUlPLQT2rjP5e/74daa0RbwhoKOr
PERggjBo1jzP7kH/kJfVSofY46RnGlB3f0ODuSR3NUYI++cqrkW5OT2wUisQTf5v
clY98t1vmaTr20dz1FYuK/NWx3NssO/SaQOROjHCnTLpK1dfHZIzGhAxvhCTkhBt
hTT8i0I33GyFIQ7Fr/gmQOUUR54KSwP5AslUHsLnhEyBrm8T7J8sag==
-----END CERTIFICATE-----
Generated at Sun Jun 22 14:40:13 2025 by rpki-client